<?php 

/*
 * Users.php contains functions for maintaining the user records
 * Henrik Volckmer
 *
 * create_user()
 * user_exists()
 * user_logged_on()
 * validate password()
 */

 
/* User class which contains various info about a given user.
 *
 */
class User
{
	public $id;				// User id
	public $username;		// Username used for login
	public $displayname;	// Username displayed on pages
	public $firstname;
	public $lastname;
	public $email;
	
	// Default constructor, sets variables
	function User($id = 0, $username = 0, $displayname = 0, $firstname = 0, $lastname = 0, $email = 0)
	{
		$this->id = $id;
		$this->username = $username;
		$this->displayname = $displayname;
		$this->firstname = $firstname;
		$this->lastname = $lastname;
		$this->email = $email;
	}
	
	// echo returns the displayname of the user
	function __toString()
	{
		return $this->displayname;
	}
}
 
// Creates a new user in the database
function create_user($username, $display_name, $firstname, $lastname, $password, $email, $facebook = 0, $role_id = 0, $is_student = false)
{
	include('config.php');
	
	$time_joined	= time();
	
	// Salt the MD5 hash using unix time, which is at least 32-bit
	$password		= md5($time_joined + sha1($password));
	
	$query = 'INSERT INTO '.$table_prefix.'_users (time_joined, username, displayname, firstname, lastname, password, email, facebook, role_id, is_student)
				VALUES ('.$time_joined.',"'.$username.'","'.$display_name.'","'.$firstname.'","'.$lastname.'","'.$password.'","'.$email.'","'.$facebook.'","'.$role_id.'","'.$is_student.'")';
	
	$result = db_query($query);
	
	return true;
}

// Checks whether user exists in the database
function user_exists($username)
{
	include('config.php');
	
	$query = 'SELECT id FROM '.$table_prefix.'_users WHERE username = "'.$username.'"';
	$result = db_query($query);
	
	if(mysql_num_rows($result) > 0)
	{
		return mysql_result($result, 0, 'id');
	}
	return false;
}

// Gets basic user data based on id
function user_data($id)
{
	include('config.php');
	
	$query = 'SELECT * FROM '.$table_prefix.'_users WHERE id = "'.$id.'"';
	$result = db_query($query);
	
	if(mysql_num_rows($result) > 0)
	{
		return new User(mysql_result($result, 0, 'id'), 
						mysql_result($result, 0, 'username'), 
						mysql_result($result, 0, 'displayname'),
						mysql_result($result, 0, 'firstname'), 
						mysql_result($result, 0, 'lastname'),
						mysql_result($result, 0, 'email'));
	}
	return false;
}

// Check whether there's a user id associated with the given session, returns user id if there is, -1 if there isn't
function user_logged_in($sid)
{
	include('config.php');
	
	$query = 'SELECT uid FROM '.$table_prefix.'_sessions WHERE sid = "'.$sid.'"';
	
	$result = db_query($query);
	
	if(mysql_num_rows($result) > 0)
	{
		return user_data(mysql_result($result, 0, 'uid'));
	}
	return 0;
}

// Log a user into the system
function user_login($username, $password, $sid)
{
	include('config.php');
	
	$existence = user_exists($username);
	if ($existence != false && validate_password($username, $password))
	{
		$query = 'UPDATE '.$table_prefix.'_sessions SET uid = '.$existence.' WHERE sid = "'.$sid.'"';
		$result = db_query($query);
		return true;
	}
	return false;
}

// Log a user off given a user id
function user_logout($uid)
{
	include('config.php');
	
	$query = 'UPDATE '.$table_prefix.'_sessions SET uid = 0 WHERE uid = '.$uid;
	$result = db_query($query);
	
}

// Check whether the password is correct for the given user by comparing the password supplied with the hashed one in the database
function validate_password($username, $password)
{
	include('config.php');
	
	$query = 'SELECT time_joined, password FROM '.$table_prefix.'_users WHERE username = "'.$username.'"';
	$result = db_query($query);
	
	// Hash the password in order to compare with value in database
	$password = md5(mysql_result($result, 0, 'time_joined') + sha1($password));
	if ($password == mysql_result($result, 0, 'password'))
	{
		return true;
	}
	return false;
}

// Get user count stats, returns an array of key/value pairs
function user_stats()
{
	include('config.php');
	
	$query = 'SELECT count(*) FROM '.$table_prefix.'_users';
	$result = db_query($query);
	
	$stats[0] = array('total', mysql_result($result, 0, 'count(*)'));
	
	return $stats;
}

?>